Privacy Policy

Scope

This policy describes how NILU processes your personal data in relation to the General Data Protection Regulation (2018) when giving feedback to the ACTRIS Data Centre, or accessing data from, the ACTRIS Data Portal, API, and associated services (https://data.actris.eu/). Learn more about NILU’s general privacy policy here: https://nilu.com/about-nilu/nilus-privacy-policy/ and the ACTRIS data policy here: https://www.actris.eu/sites/default/files/inline-files/ACTRIS_ERIC_GA_approved_ACTRIS_data_policy.pdf.

Who is responsible for my personal data?

NILU is the host of the ACTRIS Data Portal. That means NILU is the entity that determines the purpose and means of processing personal data that is collected through the portal and associated services. NILU thus decides why the data is collected, how they are used, and what happens to the data.

Note that ACTRIS is a distributed data centre, and therefore observational data is collected by different RPOs. Go to https://data.actris.eu/about for more information about the data centre and the relevant RPOs.

What personal data are collected?

Your IP address is recorded when you are using the ACTRIS data portal. IP addresses are used to extract metrics of website use, such as which country our users connect from, and how many unique users have downloaded data files. Processing is based on our interest in understanding ACTRIS data dissemination and use, and in the need to prevent the malicious use of the site (e.g., denial of service attacks).

The personal data also includes the personal information collected when giving feedback to Data Centre through, for example, https://data.actris.eu/feedback.

What is the personal data used for?

Personal data will only be used for the purpose it was first collected for. We will not transfer or make available any personal information related to the use of data. To ensure traceable data production and quality assurance, ACTRIS compiles names and email addresses from the feedback form. This information allows us to contact submitters of the form.

Data security

The ACTRIS data portal uses SSL encryption. The ACTRIS data portal servers are only accessible for admins from NILU’s internal network. The servers are physically located in Norway.

What rights do I have?

Unconditional rights by law

• Access to the personal data: You have the right to a copy of your personal data, so you can check the data itself.
• Rectification: You have the right to have incorrect personal data corrected.
• Complaint: You have the right to lodge a complaint with your national supervisory/data protection authority. In Norway, you can contact the Norwegian Data Protection Authority - Datatilsynet (https://www.datatilsynet.no/en/).
• Object to processing: You have the right to object to the processing of personal data. The processing stops until we demonstrate compelling legitimate grounds for the processing. A document assessing our legitimate interests and their relationship with you will be provided to you.

Conditional rights

These rights apply if certain conditions are met.

• Erasure: You might have the right to have your personal data removed from our storage, for example, when you withdraw consent for processing. This means that you only will have a right to delete your personal data and not the actual observation data submitted by you. In such cases, the timeseries of the observational data will have missing personal information in the metadata.
• Restriction of processing: You might have the right to have us restrict the processing of your personal data, for example, when we don’t need the data anymore, but you require it for a legal claim.
• Portability: You have the right to have your data transmitted to another controller without hindrance from NILU when the processing is based on your consent or a contract between you and us.

Exercising your rights

If you have a question regarding our privacy policy, wish to exercise any of your rights, or feel dissatisfaction with our use of your data, please contact NILU by sending an email to dc-data-expert-team@lists.nilu.no. We will perform our duties without undue delay within one month of your request. That period may be extended by two further months where necessary, considering the complexity and number of the requests. For further information about your rights and exercising them, please see here: https://www.datatilsynet.no/rettigheter-og-plikter/den-registrertes-rettigheter/.

Changes to this policy

We will inform you of any material changes to this policy with a notice on our website.

This policy has been last updated on 2024-09-04.

Contact Information

For any questions or concerns related to privacy or data handling in ACTRIS, please contact NILU at actris-dc-data-expert-team@lists.nilu.no.

Postal address: NILU (company registration number 941 705 561), Postboks 100, 2027 Kjeller, Norway.